The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure


The United States National Security Agency is often tightlipped about its work and intelligence. But at the Cyberwarcon security conference in Washington DC on Thursday, two members of the agency’s Cybersecurity Collaboration Center had a “call to action” for the cybersecurity community: beware the threat of Chinese government-backed hackers embedding in US critical infrastructure.

Alongside its “Five Eyes” intelligence alliance counterparts, the NSA has been warning since May that a Beijing sponsored group known as Volt Typhoon has been targeting critical infrastructure networks, including power grids, as part of its activity.

Officials emphasized on Thursday that network administrators and security teams need to be on the lookout for suspicious activity where hackers are manipulating and misusing legitimate tools rather than malware—an approach known as “living off the land”—to carry out clandestine operations. They added, though, that the Chinese government also develops novel intrusion techniques and malware thanks to a substantial stockpile of zero-day vulnerabilities hackers can weaponize and exploit. Beijing collects these bugs through its own research as well as a law which requires vulnerability disclosure.

“The [People’s Republic of China] works to gain unauthorized access to systems and wait for the best time to exploit these networks,” Morgan Adamski, director of the NSA’s Cybersecurity Collaboration Center said on Thursday. “The threat is extremely sophisticated and pervasive. It is not easy to find. It is pre-positioning with intent to quietly burrow into critical networks for the long haul. The fact that these actors are in critical infrastructure is unacceptable and it is something that we are taking very seriously—something that we are concerned about.”

Microsoft’s Mark Parsons and Judy Ng gave an update on Volt Typhoon’s activity later in the day at Cyberwarcon. They noted that after seemingly becoming dormant in the spring and most of the summer, the group reappeared in August with improved operational security to make its activity more difficult to track. Volt Typhoon has continued attacking universities and US Army Reserve Officers’ Training Corps programs—a type of victim the group particularly favors, but has also been observed targeting additional US utility companies.

“We think Volt Typhoon is doing this for espionage-related activity, but in addition we think there’s an element that they could use it for destruction or disruption in a time of need,” Microsoft’s Ng said on Thursday.

The NSA’s Adamski and Josh Zaritsky, chief operations officer of the Cybersecurity Collaboration Center, urged network defenders to manage and audit their system logs for anomalous activity, and store logs such that they can’t be deleted by an attacker who gains system access and is looking to hide their tracks.

The two also emphasized best practices like two-factor authentication and limiting users’ and admin’s system privileges to minimize the possibility that attackers can compromise and exploit accounts in the first place for access. And they emphasized that not only is it necessary to patch software vulnerabilities, it is crucial to then go back and check logs and records to make sure that there aren’t signs that the bug was exploited before it was patched.

“We are going to need internet service providers, cloud providers, endpoint companies, cybersecurity companies, device manufacturers everybody in this fight together and this is a fight for our US critical infrastructure,” Adamski said. “The products, the services that we rely on, everything that matters—that’s why this is important.”



Source link

We will be happy to hear your thoughts

Leave a reply

Our Visitor

0 0 4 4 5 2
Users Today : 2
Users Yesterday : 4
Users Last 7 days : 33
Users Last 30 days : 158
Users This Month : 104
Users This Year : 1840
Total Users : 4452
Views Today : 9
Views Yesterday : 14
Views Last 7 days : 127
Views Last 30 days : 461
Views This Month : 338
Views This Year : 4453
Total views : 11840
Who's Online : 0
Your IP Address : 54.186.197.195
Server Time : 2023-12-22
BuySemperFi
Logo
Enable registration in settings - general
Compare items
  • Total (0)
Compare
0
Shopping cart